From 6b390e5fcfcdb130f92cdf6ed3caa7582a567dd8 Mon Sep 17 00:00:00 2001 From: Martin Cech Date: Thu, 16 Jan 2025 13:22:02 +0100 Subject: [PATCH] make sure we have refresh_token before refreshing we are not guaranteed to have it --- lib/galaxy/authnz/custos_authnz.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/galaxy/authnz/custos_authnz.py b/lib/galaxy/authnz/custos_authnz.py index ffa02e038059..218ee3d46855 100644 --- a/lib/galaxy/authnz/custos_authnz.py +++ b/lib/galaxy/authnz/custos_authnz.py @@ -121,6 +121,8 @@ def refresh(self, trans, custos_authnz_token): # do not refresh tokens if the id_token didn't reach its half-life if int(id_token_decoded["iat"]) + int(id_token_decoded["exp"]) > 2 * int(time.time()): return False + if not custos_authnz_token.refresh_token: + return False refresh_token_decoded = self._decode_token_no_signature(custos_authnz_token.refresh_token) # do not attempt to use refresh token that is already expired if int(refresh_token_decoded["exp"]) > int(time.time()):